CVE-2025-7427 - Vulnerability Details - OpenCVE

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Arm	Arm Development Studio

Configuration 1 [-]

cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://developer.arm.com/documentation/110691

History

Thu, 18 Dec 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arm Arm arm Development Studio
CPEs		cpe:2.3:a:arm:arm_development_studio::::::::
Vendors & Products		Arm Arm arm Development Studio

Wed, 23 Jul 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Jul 2025 10:00:00 +0000

Type	Values Removed	Values Added
Description		Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.
Title		Uncontrolled Search Path Element in Arm Development Studio before 2025
Weaknesses		CWE-427
References		https://developer.arm.com/documentation/110691

MITRE

Status: PUBLISHED

Assigner: Arm

Published: 2025-07-22T09:52:56.703Z

Updated: 2025-07-25T03:55:32.256Z

Reserved: 2025-07-10T10:38:28.706Z

Link: CVE-2025-7427

Vulnrichment

Updated: 2025-07-23T18:33:20.276Z

NVD

Status : Analyzed

Published: 2025-07-22T10:15:25.923

Modified: 2025-12-18T17:19:19.833

Link: CVE-2025-7427

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7427", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2025-07-10T10:38:28.706Z", "datePublished": "2025-07-22T09:52:56.703Z", "dateUpdated": "2025-07-25T03:55:32.256Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Development Studio", "vendor": "Arm", "versions": [{"lessThan": "2025", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-07-22T09:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025 <span style=\"background-color: rgb(255, 255, 255);\">may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.</span><br>"}], "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025\u00a0may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2025-07-22T09:52:56.703Z"}, "references": [{"url": "https://developer.arm.com/documentation/110691"}], "source": {"discovery": "UNKNOWN"}, "title": "Uncontrolled Search Path Element in Arm Development Studio before 2025", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-7427"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T03:55:32.256Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-7427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T18:33:25.286987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T18:33:20.276Z"}}], "cna": {"title": "Uncontrolled Search Path Element in Arm Development Studio before 2025", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Arm", "product": "Development Studio", "versions": [{"status": "affected", "version": "0", "lessThan": "2025", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2025-07-22T09:50:00.000Z", "references": [{"url": "https://developer.arm.com/documentation/110691"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025\u00a0may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.", "supportingMedia": [{"type": "text/html", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025 <span style=\"background-color: rgb(255, 255, 255);\">may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2025-07-22T09:52:56.703Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7427", "state": "PUBLISHED", "dateUpdated": "2025-07-25T03:55:32.256Z", "dateReserved": "2025-07-10T10:38:28.706Z", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "datePublished": "2025-07-22T09:52:56.703Z", "assignerShortName": "Arm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "52620C12-2C92-491C-A07E-79D90EF5BBB0", "versionEndExcluding": "2025.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025\u00a0may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio."}, {"lang": "es", "value": "Un elemento de ruta de b\u00fasqueda no controlado en Arm Development Studio antes de 2025 podr\u00eda permitir a un atacante realizar un ataque de secuestro de DLL. Una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n local de c\u00f3digo arbitrario en el contexto del usuario que ejecuta Arm Development Studio."}], "id": "CVE-2025-7427", "lastModified": "2025-12-18T17:19:19.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-22T10:15:25.923", "references": [{"source": "arm-security@arm.com", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/documentation/110691"}], "sourceIdentifier": "arm-security@arm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "arm-security@arm.com", "type": "Secondary"}]}